[Openstack] [Nova] Admin pass injection in launch libvirt/kvm instance

CôngTT tcvn1985 at gmail.com
Wed Jun 25 04:21:40 UTC 2014 

Hi  Thang Pham and all !

I am using KVM on OpenStack Havana , OpenStack Icehouse  , And inject admin
password OK.  SURE 100%


*Step 1* : Edit /etc/nova/nova.conf

[DEFAULT ]
....

libvirt_inject_password=True
enable_instance_password = True


*Step 22:*
If you use image cirros, ubuntu .... downloading from Internet, then you
will modify /etc/ssh/sshd_config to disable authentication private key
(rsa): (Example Ubuntu 13.10)


#Line 15 Un-comment
UsePrivilegeSeparation yes

#Line 30: Comment 30
#RSAAuthentication no

#Line 31
PubkeyAuthentication no

#Line 51
PasswordAuthentication yes



Besides, You can create image for GLANCE by yourself.

Note: On KVM not support reset password. You can see
https://wiki.openstack.org/wiki/HypervisorSupportMatrix

Good luck for U !

P/S: Thắng: Tính năng này là tính năng chèn password ngay khi khởi tạo máy,
mình thực hiện tốt trên KVM

tu0ng_c0ng

On Wed, Jun 25, 2014 at 10:48 AM, Thang Pham <thang.g.pham at gmail.com> wrote:

> Hi Wangpan,
>
> Injecting admin password is not implemented or supported in libvirt/kvm.
>  I believe only Xen supports it.
>
> Regards,
> Thang
>
>
> On Tue, Jun 24, 2014 at 11:36 PM, Wangpan <hzwangpan at corp.netease.com>
> wrote:
>
>>   Hi all,
>>
>> I want to inject admin password to a libvirt/kvm instance, and I enable
>> the config libvirt_inject_password=true on the compute node,
>> I also find the /etc/shadow file in the instance is changed, but when I
>> use the adminPass to login the instance from vnc, it is failed.
>> I find that the admin password is encrypted in
>> nova/virt/disk/api.py:_set_password() method,
>> evenif I encrypt my adminPass and replace the root password in
>> /etc/shadow manually, I can't login the instance with vnc.
>>
>> My questions are:
>> 1) Does this admin password injection function of libvirt driver useable?
>> In other words, my issue is a bug or not?
>> 2) Are there some special details I was losing sight of? such as any
>> configs should change?
>> 3) Is this function depends on the libc version?
>>
>> BTW, I'm using stable havana and booting a debian7 instance, and this is
>> the admin guide page of this function:
>>
>> http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html
>>
>> thanks!
>>
>> 2014-06-25 11:16 (UTC+8)
>> Wangpan
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140625/04025829/attachment.html>

More information about the Openstack mailing list